Description
Jenkins Checkmarx Plugin 2022.3.3 and earlier does not escape values returned from the Checkmarx service API before inserting them into HTML reports, resulting in a stored cross-site scripting (XSS) vulnerability.
Remediation
References
https://www.jenkins.io/security/advisory/2022-12-07/#SECURITY-2869
Related Vulnerabilities
CVE-2019-17359 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15on
CVE-2015-5348 Vulnerability in maven package org.apache.camel:camel-http-common
CVE-2017-15691 Vulnerability in maven package org.apache.uima:uimaj-adapter-vinci
CVE-2019-10247 Vulnerability in maven package org.eclipse.jetty:jetty-server
CVE-2022-40955 Vulnerability in maven package org.apache.inlong:manager-pojo